🚨 CRITICAL ALERT: Active Zero-Day Exploits

Attackers are actively exploiting CVE-2026-3055 (CVSS 9.3-9.8) in Citrix NetScaler ADC and Gateway, a CISA KEV vulnerability enabling unauthenticated memory overread and sensitive data leaks on SAML IDP configurations. Immediate patching is critical as reconnaissance and in-the-wild attacks are confirmed.

Critical Vulnerabilities (CVSS >= 8.0)

• CVE-2026-3055 (CVSS: 9.8): Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread, allowing unauthenticated remote attackers to leak sensitive data from appliance memory. Active exploitation and reconnaissance detected since March 29, 2026.View NVD | CISA KEV

⚡ Immediate Actions Required

PATCH NOW: Upgrade to NetScaler ADC/Gateway versions 14.1-66.59, 13.1-62.23, or 13.1-37.262 (FIPS/NDcPP). Check SAML IDP config via appliance settings. Monitor logs for crafted requests targeting this flaw. Disable SAML IDP if unneeded. Affected versions: 14.1 < 14.1-66.59, 13.1 < 13.1-62.23. Exploitation window closing fast—act before data exfiltration occurs.